Linux · Linux Kernel · CVE-2024-39463
Name of the Vulnerable Software and Affected Versions:
Linux Kernel (affected versions not specified)
Description:
The issue is related to a use-after-free vulnerability in the Linux kernel's 9p file system. This occurs when a thread looks up a fid through dentry while another thread unlinks it, resulting in a use-after-free on dentry's d fsdata fid list. The problem arises because d fsdata was not accessed under d lock, and since d release() is normally only called once the dentry is no longer accessible, but it is also called explicitly in v9fs remove, the lock is required. The vulnerability can be exploited to potentially escalate privileges.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.